CVE-2007-3798 - OpenCVE

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Tcpdump	Tcpdump
Slackware	Slackware
Apple	Mac Os X Server Mac Os X
Canonical	Ubuntu Linux
Debian	Debian Linux
Freebsd	Freebsd

Configuration 1 [-]

cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:slackware:slackware:9.0:::::::*
	cpe:2.3:a:slackware:slackware:9.1:::::::*
	cpe:2.3:a:slackware:slackware:10.0:::::::*
	cpe:2.3:a:slackware:slackware:10.1:::::::*
	cpe:2.3:a:slackware:slackware:10.2:::::::*
	cpe:2.3:a:slackware:slackware:11.0:::::::*
	cpe:2.3:a:slackware:slackware:12.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:freebsd:freebsd::::::::
	cpe:2.3:o:freebsd:freebsd::::::::
	cpe:2.3:o:freebsd:freebsd:5.5:-::::::
	cpe:2.3:o:freebsd:freebsd:5.5:p1::::::
	cpe:2.3:o:freebsd:freebsd:5.5:p11::::::
	cpe:2.3:o:freebsd:freebsd:5.5:p12::::::
	cpe:2.3:o:freebsd:freebsd:5.5:p13::::::
	cpe:2.3:o:freebsd:freebsd:5.5:p14::::::
	cpe:2.3:o:freebsd:freebsd:5.5:p2::::::
	cpe:2.3:o:freebsd:freebsd:5.5:p3::::::
	cpe:2.3:o:freebsd:freebsd:5.5:p4::::::
	cpe:2.3:o:freebsd:freebsd:5.5:p5::::::
	cpe:2.3:o:freebsd:freebsd:5.5:p7::::::
	cpe:2.3:o:freebsd:freebsd:5.5:p8::::::
	cpe:2.3:o:freebsd:freebsd:5.5:p9::::::
	cpe:2.3:o:freebsd:freebsd:6.1:-::::::
	cpe:2.3:o:freebsd:freebsd:6.1:p1::::::
	cpe:2.3:o:freebsd:freebsd:6.1:p10::::::
	cpe:2.3:o:freebsd:freebsd:6.1:p11::::::
	cpe:2.3:o:freebsd:freebsd:6.1:p12::::::
	cpe:2.3:o:freebsd:freebsd:6.1:p13::::::
	cpe:2.3:o:freebsd:freebsd:6.1:p16::::::
	cpe:2.3:o:freebsd:freebsd:6.1:p17::::::
	cpe:2.3:o:freebsd:freebsd:6.1:p18::::::
	cpe:2.3:o:freebsd:freebsd:6.1:p2::::::
	cpe:2.3:o:freebsd:freebsd:6.1:p4::::::
	cpe:2.3:o:freebsd:freebsd:6.1:p6::::::
	cpe:2.3:o:freebsd:freebsd:6.1:p7::::::
	cpe:2.3:o:freebsd:freebsd:6.1:p9::::::
	cpe:2.3:o:freebsd:freebsd:6.2:-::::::
	cpe:2.3:o:freebsd:freebsd:6.2:p1::::::
	cpe:2.3:o:freebsd:freebsd:6.2:p4::::::
	cpe:2.3:o:freebsd:freebsd:6.2:p5::::::
	cpe:2.3:o:freebsd:freebsd:6.2:p6::::::

Configuration 6 [-]

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x_server::::::::

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=184815	Third Party Advisory
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12	Broken Link
http://docs.info.apple.com/article.html?artnum=307179	Broken Link
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html	Mailing List
http://secunia.com/advisories/26135	Broken Link Vendor Advisory
http://secunia.com/advisories/26168	Broken Link Vendor Advisory
http://secunia.com/advisories/26223	Broken Link Vendor Advisory
http://secunia.com/advisories/26231	Broken Link Vendor Advisory
http://secunia.com/advisories/26263	Broken Link Vendor Advisory
http://secunia.com/advisories/26266	Broken Link Vendor Advisory
http://secunia.com/advisories/26286	Broken Link Vendor Advisory
http://secunia.com/advisories/26395	Broken Link Vendor Advisory
http://secunia.com/advisories/26404	Broken Link Vendor Advisory
http://secunia.com/advisories/26521	Broken Link Vendor Advisory
http://secunia.com/advisories/27580	Broken Link Vendor Advisory
http://secunia.com/advisories/28136	Broken Link Vendor Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc	Third Party Advisory
http://security.gentoo.org/glsa/glsa-200707-14.xml	Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313	Mailing List Patch
http://www.debian.org/security/2007/dsa-1353	Third Party Advisory
http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c	Exploit
http://www.mandriva.com/security/advisories?name=MDKSA-2007:148	Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_16_sr.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0368.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0387.html	Broken Link Vendor Advisory
http://www.securityfocus.com/archive/1/474225/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/24965	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1018434	Broken Link Third Party Advisory VDB Entry
http://www.trustix.org/errata/2007/0023/	Broken Link
http://www.turbolinux.com/security/2007/TLSA-2007-46.txt	Broken Link
http://www.ubuntu.com/usn/usn-492-1	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-352A.html	Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2007/2578	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2007/4238	Broken Link Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771	Broken Link